Peer-to-peer communication systems such as local area networks (LANs) are an increasingly popular choice for connecting many computers together. Within a LAN, multiple computer nodes may vie, on an equal basis, for access to a physical medium of moderately high bandwidth. A key feature of most LAN access methods is that they do not require a central communication controller. The result is a system that allows many nodes to be simply and quickly interconnected.
However, simplicity of access to a shared medium means that LANs have some well known security problems. In particular, with the standard arrangement, there is no way to prevent an unauthorized user from connecting to the LAN and reading sensitive information. Furthermore, an unauthorized user can seriously disrupt the orderly operation of the LAN simply by transmitting messages repeatedly, whether intentionally or unintentionally.
The problem of locating unauthorized or malfunctioning nodes is exacerbated even further in an extended-LAN environment, where many LAN segments are interconnected by devices such as bridges and routers.
In most LAN installations, it is a major challenge for the LAN administrator to identify and locate the nodes connected to the LAN. Ideally this would be done automatically. However, not all nodes can be expected to cooperate in an interrogation process, and certainly not nodes which are malfunctioning or which have malevolent intent. Thus, automatic determination of the LAN topology is perceived to be quite difficult, if not impossible.
Available LAN monitoring methods fall short of what is needed. The crudest method is for the administrator to physically check the LAN cabling. At its best, this method is time consuming but accurate. At its worst, this method becomes physically impossible, such as when LAN segments are connected through gateways over telephone lines.
In other instances, the LAN administrator may use special purpose hardware. A particularly common method is for the administrator to issue commands which query the routing tables of any nodes on the network which act as routers or gateways. This requires the administrator to understand the routing data, however, and is by necessity restricted to those protocols for which routing data can be decoded. It is thus not applicable to the most popular LAN technologies such as personal computer LANs which use broadcast datagram services.
Other tools such as network monitors detect the LAN message traffic and decode source and destination addresses. This allows the administrator to determine which end nodes are active. Network monitors may also be configured to generate an alarm whenever a new node is seen. However, they cannot determine the LAN topology when more than one LAN segment is present, because the presence of segment interconnect devices such as bridges is not evident from simply examining source and destination addresses.
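The passive monitor described above, written out as an added example (it is not code from the original text): it parses Ethernet II frame headers, records the source address of every frame it sees on a segment, and raises an alarm the first time a node transmits. The frames, the node addresses and the two "segment captures" are constructed sample data. The second capture replays frames that a hypothetical bridge forwarded from segment 1 onto segment 2, which shows the limitation the text names: the forwarded frames carry the original source addresses, so the segment 2 node list contains nodes that are actually on segment 1, and nothing in the addresses reveals the bridge.

```python
"""Passive LAN node discovery from captured Ethernet frames (added example)."""
import struct

ETH_HDR_LEN = 14  # destination (6) + source (6) + EtherType (2)


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def parse_ethernet_header(frame: bytes):
    """Return (dst, src, ethertype) of an Ethernet II frame; ValueError if truncated."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError(f"frame too short for an Ethernet header ({len(frame)} bytes)")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    return mac_to_str(dst), mac_to_str(src), ethertype


def is_group_address(mac: str) -> bool:
    # The I/G bit (least-significant bit of the first octet) marks multicast/broadcast.
    return int(mac[:2], 16) & 0x01 == 1


class NodeMonitor:
    """Tracks end nodes on one segment by the source address of the frames they send."""

    def __init__(self, segment: str):
        self.segment = segment
        self.seen = {}        # source MAC -> number of frames transmitted
        self.alarms = []      # one entry per newly discovered node
        self.dropped = 0      # truncated frames and frames with a group source address

    def observe(self, frame: bytes) -> bool:
        """Process one captured frame; return True if it revealed a new node."""
        try:
            dst, src, ethertype = parse_ethernet_header(frame)
        except ValueError:
            self.dropped += 1
            return False
        if is_group_address(src):
            # A group address is never a legitimate source; treat as malformed.
            self.dropped += 1
            return False
        is_new = src not in self.seen
        self.seen[src] = self.seen.get(src, 0) + 1
        if is_new:
            self.alarms.append(
                f"[{self.segment}] new node {src} (EtherType 0x{ethertype:04x}, dst {dst})")
        return is_new


def build_frame(dst: str, src: str, ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload


# Constructed, locally administered sample addresses (not real hosts).
NODE_A = "02:00:00:00:00:01"
NODE_B = "02:00:00:00:00:02"
NODE_C = "02:00:00:00:00:03"
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed capture from a monitor attached to segment 1.
SEGMENT_1_CAPTURE = [
    build_frame(BROADCAST, NODE_A, 0x0806),   # A sends an ARP request
    build_frame(NODE_A, NODE_B, 0x0800),      # B replies to A with IP traffic
    build_frame(NODE_B, NODE_A, 0x0800),      # A -> B
    build_frame(BROADCAST, NODE_C, 0x0806),   # C transmits for the first time
    build_frame(NODE_A, BROADCAST, 0x0800),   # bogus frame: broadcast as source
    b"\x02\x00\x00",                          # truncated runt
]

# Frames a (hypothetical) bridge forwarded from segment 1 onto segment 2 keep
# their original source addresses, so a monitor on segment 2 lists A and B
# as if they were local and has no evidence that a bridge exists.
SEGMENT_2_CAPTURE = [SEGMENT_1_CAPTURE[1], SEGMENT_1_CAPTURE[2]]


def run_monitor(segment: str, capture) -> NodeMonitor:
    mon = NodeMonitor(segment)
    for frame in capture:
        mon.observe(frame)
    return mon


if __name__ == "__main__":
    for seg, cap in (("segment-1", SEGMENT_1_CAPTURE), ("segment-2", SEGMENT_2_CAPTURE)):
        m = run_monitor(seg, cap)
        print(seg, "nodes:", sorted(m.seen), "dropped:", m.dropped)
        for alarm in m.alarms:
            print("  ", alarm)
```

Running the script lists three nodes on segment 1 with three new-node alarms and two dropped frames, and then lists nodes A and B again on segment 2. A monitor that only decodes addresses therefore cannot tell which segment a node is attached to or where the bridge sits; that is the gap a topology monitor has to close.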
Ideally, then, a network topology monitor should operate automatically and independently of any equipment connected to the end nodes, should be passive in the sense that it does not disrupt the state of any node, and should be able to determine the configuration of multiple-segment LANs, including the arrangement of bridges between segments.